[Security] Bump ffi from 1.9.14 to 1.13.0

[dependabot-preview]

Bumps ffi from 1.9.14 to 1.13.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

ruby-ffi DDL loading issue on Windows OS ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Patched versions: >= 1.9.24 Unaffected versions: none

Changelog

Sourced from ffi's changelog.

1.13.0 / 2020-06-01

Added:

• Add TruffleRuby support. Almost all specs are running on TruffleRuby and succeed. #768
• Add ruby source files to the java gem. This allows to ship the Ruby library code per platform java gem and add it as a default gem to JRuby. #763
• Add FFI::Platform::LONG_DOUBLE_SIZE
• Add bounds checks for writing to an inline char[] . #756
• Add long double as callback return value. #771
• Update type definitions and add types from stdint.h and stddef.h on i386-windows, x86_64-windows, x86_64-darwin, x86_64-linux, arm-linux, powerpc-linux. #749
• Add new type definitions for powerpc-openbsd and sparcv9-openbsd. #775, #778

Changed:

• Raise required ruby version to >= 2.3.
• Lots of cleanups and improvements in library, specs and benchmarks.
• Fix a lot of compiler warnings at the C-extension
• Fix several install issues on MacOS:
  • Look for libffi in SDK paths, since recent versions of macOS removed it from /usr/include . #757
  • Fix error ld: library not found for -lgcc_s.10.4
  • Don't built for i386 architecture as it is deprecated
• Several fixes for MSVC build on Windows. #779
• Use ucrtbase.dll as default C library on Windows instead of old msvcrt.dll. #779
• Update builtin libffi to fix a Powerpc issue with parameters of type long
• Allow unmodified sourcing of (the ruby code of) this gem in JRuby and TruffleRuby as a default gem. #747
• Improve check to detect if a module has a #find_type method suitable for FFI. This fixes compatibility with stdlib mkmf . #776

Removed:

• Reject callback with :string return type at definition, because it didn't work so far and is not save to use. #751, #782

1.12.2 / 2020-02-01

• Fix possible segfault at FFI::Struct#[] and []= after GC.compact . #742

1.12.1 / 2020-01-14

Added:

• Add binary gem support for ruby-2.7 on Windows

1.12.0 / 2020-01-14

Added:

• FFI::VERSION is defined as part of require 'ffi' now. It is no longer necessary to require 'ffi/version' .

... (truncated)

Commits

• 426be5e Don't cross build extension for ruby-2.2 per "rake gem:windows"
• c17db09 Update release date in CHANGELOG
• abecee3 Remove code required for ruby prior 2.3
• 6624359 Raise minimum ruby version to 2.3
• 7ef4f5a Bump VERSION to 1.13.0
• a8fd5b3 Add 1.13.0 to CHANGELOG
• ce9de53 Use shorter const names like in other files
• d510675 Merge pull request #782 from larskanis/reject_string_callback
• e2b1c7e Reject callback with :string return type
• 6a14427 Merge branch 'master' of https://github.com/ffi/ffi
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #11.